
Microsoft Source Code Heist: Russian Hackers Escalate Cyberwarfare

 


On Friday there was an update on the hacking attempts by hackers linked to Russian foreign intelligence. They used data stolen from corporate emails in January to gain access again to the systems of Microsoft, the tech giant whose products are widely used in the national security establishment in the United States.

The disclosure alarmed analysts, who expressed concerns about whether the U.S. government could use Microsoft's digital services and infrastructure safely. Microsoft is one of the world's largest software companies and provides systems and services, including cloud computing, to the government.

It has been alleged that the hackers have in recent weeks gained access to Microsoft's internal systems and source code repositories using information stolen from the company's corporate email system. The tech firm said that the hackers had used this information to access the company's corporate email systems. Source code is the nuts and bolts of a software program, the part that makes it work.

Source code is therefore of great importance to corporations, as well as to the spies trying to penetrate them. With access to the source code, hackers may be able to carry out follow-on attacks against other systems. During the first days of January, Microsoft announced that its cloud-based email system had been breached by the same hackers, days before another big tech company, Hewlett Packard Enterprise, announced that its cloud-based email system was breached.

Although the full scope and purpose of the hacking activity are unclear, experts say the group responsible for the hack has a history of conducting extensive intelligence-gathering campaigns for the Kremlin. According to Redmond, which is examining the extent of the breach, the Russian state-sponsored threat actor may be trying to take advantage of the different types of secrets that it found in its investigation, including emails that were shared between Microsoft and its customers.

Although the company has contacted the affected customers directly, it did not reveal what the secrets were or what the extent of the compromise was. It is unclear what source code was accessed in this case. Microsoft, which also stated that it has increased its security investments, said the adversary ramped up its password spray attacks more than tenfold in February, in comparison to the "amount of activity" that was observed earlier in the year.

Several analysts who track Midnight Blizzard report that the group targets governments, diplomatic agencies, and non-governmental organizations. In its January statement, the company said it believes the hacker group might have targeted it because of Microsoft's extensive research into Midnight Blizzard's operations.

Ever since at least 2021, when the group was found to have been behind a series of cyberattacks that compromised a wide range of U.S. government agencies, Microsoft's threat intelligence team has been conducting research on Nobelium and sharing it with the public. According to Microsoft, persistent attempts to breach the company are a sign that the threat actor has committed significant resources, coordination, and focus to the breach effort.

As part of their espionage campaigns, Russian hackers have continued to hack into widely used tech companies in the years since the 2020 hack. U.S. officials and private experts agree that this is indicative of the hackers' persistent, significant commitment to these breaches. An official blog post that accompanied the SEC filing on Friday said that the hackers may have gathered an inventory of potential targets and are now planning to attack them, and may have enhanced their ability to do so by using the information they stole from Microsoft.

Several high-profile cyberattacks have occurred against Microsoft due to its lax cybersecurity operations, including the compromise of its Microsoft 365 (M365) cloud environment by the Chinese threat actor Storm-0558, as well as a series of PrintNightmare vulnerabilities, ProxyShell bugs, and two zero-day Exchange Server vulnerabilities known as ProxyNotShell.

Microsoft's February Patch Tuesday update addressed the admin-to-kernel exploit in the AppLocker driver that was disclosed by Avast, six months after Microsoft accepted Avast's report about the exploit. The North Korean adversary Lazarus Group, which is known for exploiting Windows kernel flaws to establish a kernel read/write primitive, used the vulnerability to install a rootkit on the system. The company replaced its long-time chief information security officer, Bret Arsenault, with Igor Tsyganskiy in December 2023 to alleviate security concerns.

MIT Startup Harnesses AI Technology to Safeguard Global Supply Chains Against Cyberattacks

 


An MIT-based AI apps startup is advancing to new heights in the cybersecurity field by developing innovative technologies to prevent supply chain attacks through artificial intelligence. Cybercriminals are becoming increasingly interested in targeting supply chains, and this startup aims to offer robust protection against the damage they cause.

Supply chains support the global economy, and providing seamless cross-border flows of goods and services is one of their most significant functions. In recent years, they have grown increasingly vulnerable to cyberattacks, with malicious actors targeting vulnerabilities in digital infrastructure to disrupt operations and compromise sensitive data. Recognizing the dire need for supply chain security in an increasingly complex environment, the startup is now paving the way for the next era of supply chain security built on robust defense mechanisms.

Businesses and organizations around the world are exposed to significant threats due to supply chain attacks. A malicious actor who infiltrates a vulnerable point in a supply chain can compromise critical systems, steal sensitive information, or introduce malicious software into the system. Recognizing the need for proactive measures, the MIT startup has leveraged artificial intelligence to implement a proactive defense mechanism intended to create a resilient shield against cyber threats.

Manufacturers report that they are facing supply chain attacks with ransom demands that are two or three times the ransomware demands made in other industries.

In fact, it can cost millions of dollars to stop a production line. The majority of small to mid-sized single-location manufacturers who are targeted make a ransom payment, then scramble to locate cybersecurity advice to be able to prevent another security breach in the future. As a result, it is not uncommon for them to become victims again from time to time.  

Ransomware remains the method of choice for cybercriminal groups looking to gain financial benefit from attacks on supply chains. Some of the most infamous attacks targeted Aebi Schmidt, ASCO, COSCO, Eurofins Scientific, Norsk Hydro, and Titan Manufacturing and Distributing, among others. Several other major victims have requested anonymity for security reasons. A disaster of a similar nature struck the Danish shipping conglomerate A.P. Moller-Maersk, which is part of the A.P. Moller Group. A number of other cargo terminals in Los Angeles were also affected by this attack, which shut down the city's largest terminal.

It is not only the focus on advanced cybersecurity techniques that sets this MIT startup apart from other startups. Its technology uses AI-powered solutions to augment traditional rule-based systems rather than relying solely on rule-based solutions, so that it can respond quickly and adaptively to evolving threats.

Due to its adaptive nature, the system is able to stay one step ahead of cybercriminals, continually learning from new threats and improving its defenses to keep up with them.

Further, the startup has a commitment to collaborating with industry partners, organizations, and cybersecurity experts in order to further enhance its capabilities. It is their intention to strengthen the resilience of supply chains on a global scale by fostering a globally accessible ecosystem of sharing information and collective defense. By implementing a collaborative approach, threat intelligence can be disseminated rapidly and countermeasures can be developed more quickly and effectively. 

Mid-tier and small manufacturers in particular find it difficult to manage supplier risk effectively because they are already shorthanded when it comes to their IT and cybersecurity departments. Standards and technologies that are scalable are what they need. A new standard that was developed by the National Institute of Standards and Technology (NIST) is intended to manage risk associated with cybersecurity supply chains for systems and organizations. It aims to provide a guide that is intended to assist supply chain managers in identifying, assessing, and addressing cyber threats throughout their supply chains. 

This standard is the result of a follow-up capstone report published one year later, Executive Order on America's Supply Chains: A Year of Action and Progress. This report was the result of President Biden's initial executive order on America's Supply Chains, issued on February 24, 2021. NIST provides a framework for hardening supply chain cybersecurity.

Based on its cofounders' research at MIT, Ikigai Labs has created an AI app platform designed to use large graphical models (LGMs) and expert-in-the-loop (EiTL) workflows for AI applications. The EiTL feature allows the system to gather inputs from experts in real time and to continuously learn to maximize AI-driven insights, expertise and intuition. Ikigai's AI Apps are currently being used to optimize supply chains (labor planning, sales, operations), retail (demand forecasting, new product launches), insurance (auditing, rate-making), financial services (compliance, know-your-customer), banking (reconciliation of transactions between customer entities) and manufacturing (predictive maintenance and quality assurance), and there is much more on the list of possible uses as well.

By using expert-in-the-loop (EiTL) workflows that continuously improve the accuracy of the LGM models which Ikigai uses, this approach will be able to solve cybersecurity challenges related to supply chains. Combining LGM models with EiTL techniques would also improve the effectiveness and results of managed detection and response (MDR).

There is a constant challenge that every enterprise faces when trying to make sense of siloed and incomplete data that is spread throughout the organization. In fact, data gaps are among the most constraining aspects of most organizations' most difficult, complex problems. These specialized strategic areas require a high level of strategic planning, which is not something that can be achieved by existing methods of mining data.   

Ikigai's AI Apps platform helps solve these challenges by using LGMs, which can work with sparse, limited datasets, to deliver the needed insight and intelligence.

The platform includes DeepPlan, which prepares data using deep learning; DeepMatch, which optimizes the preparation of data through AI; and DeepCast, which builds predictive models from sparse data using machine learning and one-click MLOps. It is thanks to Ikigai's advanced technology that advanced features such as EiTL are possible in its products.

Incorporating human expertise through EiTL improves the accuracy of LGM models. In managed detection and response (MDR) scenarios, EiTL would combine human expertise with learning models to detect upcoming threats and fraud patterns. Using EiTL's real-time inputs into the AI system, MDR teams are able to detect threats more quickly and respond to them more effectively.

By combining LGM and EiTL technologies, the Ikigai AI platform can identify fraud, intrusions, and breaches so that they can be stopped and prevented. This procedure is followed to ensure that only transactions involving known identities will be allowed. Additionally, the ways in which Ikigai creates applications are versatile enough to enforce least privilege access and to audit every session which occurs between an identity and its resources. Zero-trust security relies on both of these as its key components.

The AI infrastructure developed by Ikigai is designed so that people who lack technical expertise can easily use it to develop apps and predictive models that can be scaled across an organization on an immediate basis. 

Key elements of the platform include DeepMatch, DeepCast and DeepPlan. DeepMatch matches rows based on dataset columns. DeepCast makes it possible to make predictions with little data when using spatial and temporal data structures. DeepPlan makes it possible for decision-makers to create scenarios using historical data.

There is an increasing need for robust cybersecurity measures to be implemented in the context of expanding supply chains that are becoming increasingly digitized. A new MIT startup is demonstrating how artificial intelligence technology can be incorporated into supply chains to make them more resilient to cyberattacks.

It is believed that global supply networks will be more secure and resilient in the future as they harness the power of advanced algorithms, collaboration, and the latest technological advancements. MIT startup MITid is playing a leading role in harnessing the power of artificial intelligence to secure supply chains in an era where supply chains are increasingly vulnerable to cyberattacks.